Monthly Archives: October 2014

IdentityServer v3 Beta 3

Posted on October 28, 2014 by Dominick Baier

Some of our users already found out and broke the news – so here’s my official post ;) Beta 3 has been released to github and nuget – 107 commits since Beta 2-1…new features include: Anti-forgery token support Permission self-service … Continue reading →

Posted in ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 5 Comments

IdentityServer v3 and “Post Logout Redirect”

Posted on October 14, 2014 by Dominick Baier

One frequently requested feature was the ability to redirect back to the client after logging out of IdentityServer. The session management spec describes this in the “RP-initiated logout” section. While this is a nice convenience feature and seems trivial to … Continue reading →

Posted in Uncategorized | 7 Comments

IdentityServer v3 Beta 2-1

Posted on October 14, 2014 by Dominick Baier

We just did a minor update to Beta 2. Besides some smaller changes and bug fixes we now support redirecting back to a client after logout (very requested feature). I will write a blog post soon describing how it works.

Posted in IdentityServer, OAuth, OpenID Connect, WebAPI | Leave a comment

Getting started with IdentityServer v3

Posted on October 12, 2014 by Dominick Baier

Last night I started working on a getting started tutorial for IdentityServer v3 – while writing it, it became clear, that a single walkthrough will definitely not be enough to show the various options you have – anyways I started with … Continue reading →

Posted in ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 13 Comments

OpenID Connect Hybrid Flow and IdentityServer v3

Posted on October 10, 2014 by Dominick Baier

One of the features we added in Beta 2 is support for hybrid flow (see spec). What is hybrid flow – and why do I care? Well – in a nutshell – OpenID Connect originally extended the two basic OAuth2 … Continue reading →

Posted in IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 33 Comments

Identity & Access Control at NDC London 2014

Posted on October 9, 2014 by Dominick Baier

The NDC Agenda is out now – and Brock and me will do a number of identity & access control related sessions. Brock will talk about identity management in ASP.NET – which is a huge topic – so he split … Continue reading →

Posted in .NET Security, ASP.NET, IdentityModel, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 6 Comments

IdentityServer v3 – Beta 2

Posted on October 8, 2014 by Dominick Baier

We just pushed IdentityServer v3 beta 2 to github and nuget. This time it’s been 161 commits and we added a lot of small things – and a couple of bigger things, e.g.: Update to Katana v3 and JWT handler … Continue reading →

Posted in ASP.NET, IdentityServer, Katana, OAuth, OpenID Connect, OWIN, WebAPI | 5 Comments

401 vs 403

Posted on October 2, 2014 by Dominick Baier

For years, there’s been an ongoing discussion which HTTP status code to use for “not authorized” scenario – and the original HTTP 1.1 specification wasn’t exactly crystal clear about the distinction between 401 (unauthorized) and 403 (forbidden). But there is … Continue reading →

Posted in .NET Security, ASP.NET, Katana, OAuth, OWIN, WebAPI | Leave a comment

Monthly Archives: October 2014

IdentityServer v3 Beta 3

IdentityServer v3 and “Post Logout Redirect”

IdentityServer v3 Beta 2-1

Getting started with IdentityServer v3

OpenID Connect Hybrid Flow and IdentityServer v3

Identity & Access Control at NDC London 2014

IdentityServer v3 – Beta 2

401 vs 403

Recent Posts

Categories

Tweets

Feed

Archives